Jason Hickey

Sunshine: a high performance self-routing broadband packet switch architecture

The authors present a high-performance self-routing packet switch architecture, called Sunshine, that can support a wide range of services having diverse performance objectives and traffic characteristics. Sunshine is based on Batcher-banyan networks and achieves high performance by utilizing both internal and output queuing techniques within a single architecture. This queuing strategy results in an extremely robust and efficient architecture suitable for a wide range of services. An enhanced architecture allowing the bandwidth from an arbitrary set of transmission links to be aggregated into trunk groups to create high bandwidth pipes is also presented. Trunk groups appear as a single logical port on the switch and can be used to increase the efficiency of the switch in an extremely bursty environment or to increase the access bandwidth for selected high-bandwidth terminations. Simulation results are presented. >

The Horus and Ensemble projects: accomplishments and limitations

The Horus and Ensemble efforts culminated a multi-year Cornell research program in process group communication used for fault-tolerance, security and adaptation. Our intent was to understand the degree to which a single system could offer flexibility and yet maintain high performance, to explore the integration of fault tolerance with security and real-time mechanisms, and to increase trustworthiness of our solutions by applying formal methods. Here, we summarize the accomplishments of the effort and evaluate the successes and failures of the approach.

Specifications and Proofs for Ensemble Layers

Ensemble is a widely used group communication system that supports distributed programming by providing precise guarantees for synchronization, message ordering, and message delivery. Ensemble eases the task of distributed-application programming, but as a result, ensuring the correctness of Ensemble itself is a difficult problem. In this paper we use I/O automata for formalizing, specifying, and verifying the Ensemble implementation. We focus specifically on message total ordering, a property that is commonly used to guarantee consistency within a process group. The systematic verification of this protocol led to the discovery of an error in the implementation.

MetaPRL – A Modular Logical Environment

MetaPRL is the latest system to come out of over twenty five years of research by the Cornell PRL group. While initially created at Cornell, MetaPRL is currently a collaborative project involving several universities in several countries. The MetaPRL system combines the properties of an interactive LCF-style tactic-based proof assistant, a logical framework, a logical programming environment, and a formal methods programming toolkit. MetaPRL is distributed under an open-source license and can be downloaded from http://metaprl.org/. This paper provides an overview of the system focusing on the features that did not exist in the previous generations of PRL systems.

Non-Restoring Integer Square Root: A Case Study in Design by Principled Optimization

Theorem proving techniques are particularly well suited for reasoning about arithmetic above the bit level and for relating different levels of abstraction. In this paper we show how a non-restoring integer square root algorithm can be transformed to a very efficient hardware implementation. The top level is a Standard ML function that operates on unbounded integers. The bottom level is a structural description of the hardware consisting of an adder/subtracter, simple combinational logic and some registers. Looking at the hardware, it is not at all obvious what function the circuit implements. At the top level, we prove that the algorithm correctly implements the square root function. We then show a series of optimizing transformations that refine the top level algorithm into the hardware implementation. Each transformation can be verified, and in places the transformations are motivated by knowledge about the operands that we can guarantee through verification. By decomposing the verification effort into these transformations, we can show that the hardware design implements a square root. We have implemented the algorithm in hardware both as an Altera programmable device and in full-custom CMOS.

A Proof Environment for the Development of Group Communication Systems

We present a theorem proving environment for the development of reliable and efficient group communication systems. Our approach makes methods of automated deduction applicable to the implementation of real-world systems by linking the Ensemble group communication toolkit to the NuPRL proof development system.

The implementation of a high speed ATM packet switch using cmos vlsi

This paper describes the implementation of an ATM switch capable of operation at the SONET STS-3 rate. These speeds are achieved using low-cost custom CMOS VLSI. The switch is based on the self-routing Batcher/banyan fabric with contention resolution. To minimize the size of the switch, the fabric is built using a three dimensional structure based on a rearrangement of the shuffle/exchange wiring pattern used in the Batcher/banyan. The components operate at high speed due to the density of the fabric, and the extensive use of pipelining and dynamic logic. The most complex of the fabric components have already been designed and tested at speeds much higher than the intended STS-3 rate.

Sequent Schema for Derived Rules

This paper presents a general sequent schema language that can be used for specifying sequent-style rules for a logical theory. We show how by adding the sequent schema language to a theory we gain an ability to prove new inference rules within the theory itself. We show that the extension of any such theory with our sequent schema language and with any new rules found using this mechanism is conservative. By using the sequent schema language in a theorem prover, one gets an ability to allow users to derive new rules and then use such derived rules as if they were primitive axioms. The conservativity result guarantees the validity of this approach. This property makes it a convenient tool for implementing a derived rules mechanism in theorem provers, especially considering that the application of the rules expressed in the sequent schema language can be efficiently implemented using MetaPRLs fast rewriting engine.

Nuprl-Light: An Implementation Framework for Higher-Order Logics

Recent developments in higher-order logics and theorem prover design have led to an explosion in the amount of mathematics and programming that has been formalized, and the theorem proving community is a faced with a new challenge--sharing and categorizing formalized mathematics from diverse systems. This mathematics is valuable--in many case many man-months, or even man-years, have been devoted to the development of these mathematical libraries. There is potential for more rapid advance if theorem provers of the future provide a means to relate logics formally, while providing adequate protection between logics with differing assumptions. In this paper we describe Nuprl-Light, a descendent of the Nuprl [2] theorem prover, that addresses the issues of diversity and sharing by providing a modular, object-oriented framework for specifying, relating, and developing type theories and mathematical domains. The framework itself assumes (and provides) no type theory or logic, as in LF [4], which is why we call it an implementation framework. Instead, Nuprl-Light provides a meta-framework where logical frameworks such as LF, Nuprl, set theory, and other theories can be defined and developed. Since proof automation is such a critical part of theorem proving in these logics, the implementation framework is tied closely to a programming language (in this case Carol-Light) and the formal module system is tied closely to the programming language modules. Like the Isabelle [9] generic theorem prover, Nuprl-Light uses generalized Horn clauses for logical specification. Indeed, specifications in Nuprl-Light appear quite similar to those in Isabelle. However, where Isabelle uses higher order unification and resolution, Nuprl-Light retains a tactic-tree [3] of LCF [8] style reasoning based on tactics and tacticals, and Nuprl-Light also allows theories to contain specifications of rewrites, using the computational congruence of Howe [7]. Like LF, the Nuprl-Light meta-logic also relies on the judgments-astypes principle (an extension of propositions-as-type), where proofs are terms that inhabit the clauses.

Fast Tactic-Based Theorem Proving

Theorem provers for higher-order logics often use tactics to implement automated proof search. Tactics use a general-purpose metalanguage to implement both general-purpose reasoning and computationally intensive domain-specific proof procedures. The generality of tactic provers has a performance penalty; the speed of proof search lags far behind special-purpose provers. We present a new modular proving architecture that significantly increases the speed of the core logic engine. Our speedup is due to efficient data structures and modularity, which allows parts of the prover to be customized on a domain-specific basis. Our architecture is used in the MetaPRL logical framework, with speedups of more than two orders of magnitude over traditional tactic-based proof search.